ADReadOnlyDomainControllerAccount
dscbot edited this page Aug 18, 2024 · 1 revision
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
DomainControllerAccountName | Key | String | The name of the Read Only Domain Controller Account which will be created. | |
DomainName | Key | String | The fully qualified domain name (FQDN) of the domain the Read Only Domain Controller will be created in. | |
Credential | Required | PSCredential | The credentials (as a 'PSCredential' object) of a user that has Domain Administrator rights to add the Read Only Domain Controller Account to the domain. | |
SiteName | Required | String | The name of the site this Read Only Domain Controller Account will be added to. | |
IsGlobalCatalog | Write | Boolean | Specifies if the read only domain controller will be a Global Catalog (GC). | |
Ensure | Read | String | Returns the state of the Read Only Domain Controller Account. | |
DelegatedAdministratorAccountName | Write | String | Specifies the user or group that is the delegated administrator of this Read-Only Domain Controller (RODC) Account. | |
AllowPasswordReplicationAccountName | Write | StringArray[] | Specifies an array of names of user accounts, group accounts, and computer accounts whose passwords can be replicated to this Read-Only Domain Controller (RODC) Account. | |
DenyPasswordReplicationAccountName | Write | StringArray[] | Specifies the names of user accounts, group accounts, and computer accounts whose passwords are not to be replicated to this Read-Only Domain Controller (RODC) Account. | |
InstallDns | Write | Boolean | Specifies if the DNS Server service should be installed and configured on the Read Only Domain Controller. If this is not set the default value of the parameter InstallDns of the cmdlet Add-ADDSReadOnlyDomainControllerAccount is used. This parameter is only used during the provisioning of a read only domain controller. The parameter cannot be used to install or uninstall the DNS server on an already provisioned read only domain controller. | |
The ADReadOnlyDomainControllerAccount DSC resource will pre-create a read only domain controller account in Active Directory. This allows the account that actually installs the read only domain controller to use the delegated administrative credentials supplied in DelegatedAdministratorAccountName rather than requiring Domain Admins permissions.
The resource does not support removing pre-created Read Only Domain Controller accounts.
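The following configuration is an added example, not taken from the project's own examples, showing how the parameters in the table fit together to pre-create an RODC account with a delegated administrator and an explicit password replication policy. The domain, site, account and group names (`contoso.com`, `Branch-Site`, `RODC01`, `Branch-RODC-Admins`, `Branch-Users`, `Branch-Computers`) are constructed placeholders, and the module name `ActiveDirectoryDsc` is assumed to be the module this wiki documents.

```powershell
# Added example: pre-create an RODC account so the branch server can later be
# promoted by a delegated group instead of a Domain Admin.
# All names below are constructed placeholders; replace them with your own.
Configuration PreCreateRodcAccount
{
    param
    (
        # Domain Administrator rights are only needed for this pre-creation step.
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $DomainAdminCredential
    )

    # Assumption: the resource ships in the ActiveDirectoryDsc module.
    Import-DscResource -ModuleName ActiveDirectoryDsc

    Node 'localhost'
    {
        ADReadOnlyDomainControllerAccount 'BranchRodcAccount'
        {
            # Key parameters
            DomainControllerAccountName         = 'RODC01'
            DomainName                          = 'contoso.com'

            # Required parameters
            Credential                          = $DomainAdminCredential
            SiteName                            = 'Branch-Site'

            # Optional role settings, only applied while provisioning
            IsGlobalCatalog                     = $true
            InstallDns                          = $true

            # Group that may complete the promotion without Domain Admins rights
            DelegatedAdministratorAccountName   = 'CONTOSO\Branch-RODC-Admins'

            # Password replication policy: cache only branch accounts and
            # explicitly keep privileged groups off the RODC.
            AllowPasswordReplicationAccountName = @('Branch-Users', 'Branch-Computers')
            DenyPasswordReplicationAccountName  = @('Domain Admins', 'Enterprise Admins')
        }
    }
}
```

Because the configuration carries a `PSCredential`, compile it with certificate-based MOF encryption configured for the node so the Domain Administrator password is not written to the MOF in plain text.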
- Target machine must be running Windows Server 2008 R2 or later.